linkfox-echotik-product-video
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to 'https://tool-gateway.linkfox.com' and 'https://skill-api.linkfox.com' to fetch product data and submit feedback. These domains are associated with the skill's author (linkfox-ai) and represent legitimate vendor functionality.
- [CREDENTIALS_UNSAFE]: The Python script correctly retrieves the required API key from environment variables (LINKFOX_AGENT_API_KEY or LINKFOX_AGENT_API_KEY). No secrets are hardcoded in the skill files.
- [COMMAND_EXECUTION]: The skill uses a Python script to perform API requests and handle data. The script uses standard libraries (urllib.request) and does not utilize dangerous functions like eval(), exec(), or subprocess calls on untrusted data.
- [DATA_EXFILTRATION]: The skill writes API response data to a local 'linkfox/' directory within the current workspace for processing. This is a documented design choice to manage large data payloads and does not involve accessing sensitive system files or unexpected data transmission.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or persistence mechanisms were detected. The skill's behavior matches its described purpose.
Audit Metadata